What Does a Cybersecurity Analyst Do?

The role and responsibilities of a cybersecurity analyst vary by team and organization. But whether you’re working on a Security Operations Center (SOC) team — or perhaps with incident response or insider threats, the mission is the same: Defend an organization from cyberthreats.

What Exactly Do Cybersecurity Analysts Do?

While the work of a cybersecurity analyst varies, it may involve monitoring alerts — particularly when you’re starting out, according to Glen Mitchell, an adjunct at SNHU who got his start in cybersecurity in 2001 with the U.S. Army.

Now a senior manager for cyber operations at a hospital, Mitchell said the systems you’ll monitor as a cybersecurity analyst may include:

• Endpoint Detection and Response (EDR) tools
• Remote access and communication tools
• Security Information and Event Management (SIEM) solutions
• Threat intelligence feeds
• Organization ticketing platforms

Working as a cybersecurity analyst involves critical thinking and investigation. “This is not just a technical job but one crafted out of the intelligence sector, with a need to understand social aspects of users and operations,” Mitchell said. “To be better at our (job), we merely cannot delete the bad file that triggered the alert but understand how the file got there.”

He said that involves asking questions such as:

• What was the user doing to receive the bad file?
• What else did the bad file do to the system?
• What were the attacker’s intentions?
• What did the attacker get the user to do?
• What technical or training changes need to be made?

“In our role, we will never know everything, but we need to (be) able to adapt, pivot and know where to look when we do not have the answer readily available,” Mitchell said.

Want to explore other options in the field? Here are 10 jobs to consider with an online bachelor's in cybersecurity.

A Day in the Life of a Security Analyst

When Gina Cramer ’20 finished her cybersecurity degree at SNHU, she began working as a security analyst for a global financial services company.

“In the beginning, I was learning how to scan, was doing the research on vulnerabilities and getting familiar with different things, shadowing people,” Cramer said. “So, my main responsibility at the time was just scanning the applications.”

As Cramer gained experience, she started building on her role as an analyst.

While she continues to do Application Programming Interfaces (API) scanning today, her role has grown. She conducts peer reviews of reports submitted to other teams and vendors to ensure they’re accurate and well-presented. She also updates templates, creates documentation and mentors others.

While her days can vary, she said they typically go as follows:

• Attend morning team meetings
• Review emails and other notifications received overnight
• Conduct peer reviews with global time zones in mind
• Scan applications and learn to navigate new ones
• Complete paperwork and research related to updates

Cramer also handles “fires” — or situations requiring immediate attention — as they arise. “So, my day is kind of structured,” she said. “But you never know when it's going to go off the rails.”

Are you hoping to launch your career in this field, too? Read more about whether a cybersecurity degree is worth it.

Do Cybersecurity Analysts Get Paid Well?

Cybersecurity analysts, also known as information security analysts, typically out-earn other professions, according to the U.S. Bureau of Labor Statistics (BLS).* But what you make will depend on many factors, including your location, experience level and industry.

In 2024, according to BLS, information security analysts earned a median salary of $124,910 — two and a half times more than the median salary for all occupations.*

The lowest 10% of information security analysts earned less than $69,660 in 2024, BLS reported — likely a more realistic target if you’re starting in the field.*

What Are the Skills Required for a Cybersecurity Analyst?

As you can imagine, cybersecurity analysts require technical knowledge that can be gained through educational programs, such as a certificate or degree. There are also important soft skills and abilities in this field.

According to Cyndie Ramirez ’18, you need an investigative mindset and the ability to think outside of the box when you look into problems.

After earning her bachelor’s in information technology with a concentration in cybersecurity, Ramirez joined the field as a SOC analyst. From there, she transitioned to an insider threat team within the same organization, where she became a senior analyst — and now a senior manager.

Some aspects of a cybersecurity analyst job can involve high stress and test your stamina. Ramirez said it’s important to have self-awareness and recognize and prevent burnout, particularly when responding to incidents.

Communication and a desire to keep learning are also essential for success in this field.

Communication

Cybersecurity analysts collaborate with a lot of teams and users. Some of these people are technicians and administrators with equally technical backgrounds, while others have little or no background in the field. BLS noted that you must be able to tailor your communication, which could include high-stakes information about threats, to different audiences.

"You have to be able to communicate well and get through the technical jargon because they may not be that savvy with it," Cramer said. She found that the analytical thinking and writing assignments she did as a cybersecurity student helped her hone this skill.

Plus, as a peer reviewer for her team, she ensures reports are professional, accurate, grammatically sound and edited consistently for the stakeholders receiving them.

Drive to Learn

In this role — and throughout the cybersecurity field — you must be willing to adapt as industry and technology evolve.

“Once you land that role, it doesn't stop,” Ramirez said. “You definitely have to keep learning on your own.”

By continuing your education — whether that’s through taking courses, earning a cybersecurity certification or consuming industry news — you can avoid becoming stagnant in your career, she said. You’ll be better prepared to understand new threats to your organization.

“There will always be threat actors, and they will always be coming up with new things — new vulnerabilities to attack,” Cramer said. "The operating systems all change and update, and even though people are really good at what they do, when you get kind of narrow-minded and focused, you could miss those vulnerabilities.”

Getting Started

If you’re new to the field, you can learn more about how to become a cybersecurity analyst. Three qualification areas typically help: education, certification and experience.

When it comes time to apply for job roles, Ramirez encourages others to look for an analyst role on a SOC team, like she did.

“I had visibility and ability to work so many different types of incidents that I kind of thought about, okay, well, where do I want to be?” she said. “I worked with so many other teams, so it helped me understand where I wanted to go next.”

*Cited job growth projections may not reflect local and/or short-term economic or job conditions and do not guarantee actual job growth. Actual salaries and/or earning potential may be the result of a combination of factors including, but not limited to: years of experience, industry of employment, geographic location, and worker skill.

Rebecca LeBoeuf Blanchette '18 '22G is a writer at Southern New Hampshire University, where she fulfills her love of learning daily through conversations with professionals across a range of fields. She earned her Bachelor of Arts in Communication with a minor in Professional Writing at SNHU’s campus in Manchester, New Hampshire, and followed her love of storytelling into the online Master of Arts in English and Creative Writing at SNHU. Connect with her on LinkedIn.